AWS Security Blog
New Whitepaper—Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth
October 15, 2021:We updated a link in this blog post.
The newly released whitepaper, Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth, will help you integrate your existing LDAP-based user directory with AWS. When you integrate your existing directory with AWS, your users can access AWS by using their existing credentials. This means that your users don’t need to maintain yet another user name and password just to access AWS resources. To give your users a seamless single sign-on experience for AWS, follow this whitepaper’s step-by-step walkthrough, from installing and configuring an OpenLDAP directory (if you don’t already have one) to accessing AWS by using your existing user identities.
The whitepaper focuses on the following technologies:
- OpenLDAP – Directory software for directory services.
- Apache Tomcat – A web server for hosting your Shibboleth software.
- Shibboleth Identity Provider – Software to provide Security Assertion Markup Language (SAML) 2.0–compliant assertions to AWS.
- AWS Identity and Access Management – An AWS web service that supports identity federation using SAML 2.0.
To get started, download the whitepaper. You can also review the AWS documentation about SAML 2.0–based identity federation. If you have questions, post them on the AWS Forum.